|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
On Thu, Nov 6, 2008 at 9:19 AM, Michael Lazin <microlaser@gmail.com> wrote:
> If you are receiving a lot of bouncebacks your account was probably not used
> to send spam. More likely your email address was spoofed.
That's called "backscatter". Happens to all of us, sooner or later. If
you're sure you haven't been compromised, then you just grumble and
get on with things, mostly ...
>
> On Thu, Nov 6, 2008 at 7:04 AM, George A. Theall <theall@tifaware.com>
> wrote:
>>
>> On Wed, Nov 05, 2008 at 08:51:32PM -0500, Brian Vagnoni wrote:
>>
>> > I found this in my inbox. I didn't send it, bvagod@nu-star.com isn't my
>> > address or a domain I recognize. Any ideas? The body of the message was html
>> > and something about msn.
>>
>> Your email address was probably used to send some spam. It's hard to
>> know with certainty, though, since all you have is one message that
>> appears to be a bounce. Anyway...
>>
>> > Hi. This is the qmail-send program at mg.greatlakes-is.com.
>> > I'm afraid I wasn't able to deliver your message to the following
>> > addresses.
>> > This is a permanent error; I've given up. Sorry it didn't work out.
>> >
>> > <bvagod@nu-star.com>:
>>
>> nu-star.com has two MX records, and the one with the higher priority is
>> mx1-mg.greatlakes-is.com. So this seems normal.
>>
>> > 208.79.240.2 failed after I sent the message.
>>
>> nu-star.com's other MX record points to mail.rollernet.us
>> (208.79.240.2).
>>
>> > Remote host said: 550 5.7.1 Message content rejected, spam score is too
>> > high.
>> >
>> > --- Below this line is a copy of the message.
>> >
>> > Return-Path: <bvagnoni@v-system.net>
>>
>> This generally comes from the envelope sender (ie, "MAIL FROM") and
>> explains why you got the bounce.
>>
>> > Received: (qmail 7194 invoked by uid 89); 4 Nov 2008 20:40:24 -0000
>> > Received: by simscan 1.3.1 ppid: 7191, pid: 7192, t: 0.4180s
>> > scanners:none
>> > Received: from unknown (HELO casa-9plhr7737j) (189.26.205.187)
>> > by 0 with SMTP; 4 Nov 2008 20:40:24 -0000
>>
>> Assuming this is accurate, the IP belongs to Global Village Telecom,
>> which appears to be an ISP in Brazil.
>>
>> > Received-SPF: softfail (0: transitioning SPF record at v-system.net does
>> > not designate 189.26.205.187 as permitted sender)
>>
>> If you run your own DNS, you may have a record of this transaction.
>>
>> > X-Originating-IP: [826.4.779.37]
>>
>> Really... 826.? Must be one of those new-fangled IPv5 addresses. :-)
>>
>>
>> George
>> --
>> theall@tifaware.com
>>
>> ___________________________________________________________________________
>> Philadelphia Linux Users Group --
>> http://www.phillylinux.org
>> Announcements -
>> http://lists.phillylinux.org/mailman/listinfo/plug-announce
>> General Discussion --
>> http://lists.phillylinux.org/mailman/listinfo/plug
>
>
>
> --
> Michael Lazin
> To gar auto estin noein te kai enai
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
>
>
--
Michael J. Leone, <mailto:turgon@mike-leone.com>
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>
"Want to make your computer go really fast? Throw it out the window!"
...Anonymous
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|